1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the HCI transport. On
22 * the receive side, it routes events to the appropriate handler, e.g.
23 * L2CAP, ScoMgr. On the transmit side, it manages the command
24 * transmission.
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btu_hcif"
29
30 #include <base/functional/bind.h>
31 #include <base/location.h>
32 #include <base/logging.h>
33
34 #include <cstdint>
35
36 #include "btif/include/btif_config.h"
37 #include "common/metrics.h"
38 #include "device/include/controller.h"
39 #include "gd/common/init_flags.h"
40 #include "main/shim/hci_layer.h"
41 #include "osi/include/allocator.h"
42 #include "osi/include/log.h"
43 #include "stack/include/acl_hci_link_interface.h"
44 #include "stack/include/ble_acl_interface.h"
45 #include "stack/include/ble_hci_link_interface.h"
46 #include "stack/include/bt_hdr.h"
47 #include "stack/include/btm_iso_api.h"
48 #include "stack/include/btu.h"
49 #include "stack/include/dev_hci_link_interface.h"
50 #include "stack/include/gatt_api.h"
51 #include "stack/include/hci_error_code.h"
52 #include "stack/include/hci_evt_length.h"
53 #include "stack/include/inq_hci_link_interface.h"
54 #include "stack/include/l2cap_hci_link_interface.h"
55 #include "stack/include/sco_hci_link_interface.h"
56 #include "stack/include/sec_hci_link_interface.h"
57 #include "stack/include/stack_metrics_logging.h"
58 #include "types/hci_role.h"
59 #include "types/raw_address.h"
60
61 using base::Location;
62 using bluetooth::hci::IsoManager;
63
64 bool BTM_BLE_IS_RESOLVE_BDA(const RawAddress& x); // TODO remove
65 void BTA_sys_signal_hw_error(); // TODO remove
66 void smp_cancel_start_encryption_attempt(); // TODO remove
67 void acl_disconnect_from_handle(uint16_t handle, tHCI_STATUS reason,
68 std::string comment); // TODO remove
69
70 /******************************************************************************/
71 /* L O C A L F U N C T I O N P R O T O T Y P E S */
72 /******************************************************************************/
73 static void btu_hcif_inquiry_comp_evt(uint8_t* p);
74
75 static void btu_hcif_authentication_comp_evt(uint8_t* p);
76 static void btu_hcif_rmt_name_request_comp_evt(const uint8_t* p,
77 uint16_t evt_len);
78 static void btu_hcif_encryption_change_evt(uint8_t* p);
79 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
80 uint8_t evt_len);
81 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
82 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
83 void* context);
84 static void btu_hcif_hardware_error_evt(uint8_t* p);
85 static void btu_hcif_mode_change_evt(uint8_t* p);
86 static void btu_hcif_link_key_notification_evt(const uint8_t* p);
87 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
88 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p);
89 static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
90
91 /* Simple Pairing Events */
92 static void btu_hcif_io_cap_request_evt(const uint8_t* p);
93
94 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len);
95 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len);
96 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
97 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len);
98 static void btu_ble_rc_param_req_evt(uint8_t* p, uint8_t len);
99
100 /**
101 * Log HCI event metrics that are not handled in special functions
102 * @param evt_code event code
103 * @param p_event pointer to event parameter, skipping paremter length
104 */
btu_hcif_log_event_metrics(uint8_t evt_code,const uint8_t * p_event)105 void btu_hcif_log_event_metrics(uint8_t evt_code, const uint8_t* p_event) {
106 uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
107 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
108 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
109 uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
110 int64_t value = 0;
111
112 RawAddress bda = RawAddress::kEmpty;
113 switch (evt_code) {
114 case HCI_IO_CAPABILITY_REQUEST_EVT:
115 case HCI_IO_CAPABILITY_RESPONSE_EVT:
116 case HCI_LINK_KEY_REQUEST_EVT:
117 case HCI_LINK_KEY_NOTIFICATION_EVT:
118 case HCI_USER_PASSKEY_REQUEST_EVT:
119 case HCI_USER_PASSKEY_NOTIFY_EVT:
120 case HCI_USER_CONFIRMATION_REQUEST_EVT:
121 case HCI_KEYPRESS_NOTIFY_EVT:
122 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
123 STREAM_TO_BDADDR(bda, p_event);
124 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
125 value);
126 break;
127 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
128 case HCI_RMT_NAME_REQUEST_COMP_EVT:
129 STREAM_TO_UINT8(status, p_event);
130 STREAM_TO_BDADDR(bda, p_event);
131 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
132 value);
133 break;
134 case HCI_AUTHENTICATION_COMP_EVT:
135 STREAM_TO_UINT8(status, p_event);
136 STREAM_TO_UINT16(handle, p_event);
137 handle = HCID_GET_HANDLE(handle);
138 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
139 value);
140 break;
141 case HCI_ENCRYPTION_CHANGE_EVT: {
142 uint8_t encryption_enabled;
143 STREAM_TO_UINT8(status, p_event);
144 STREAM_TO_UINT16(handle, p_event);
145 STREAM_TO_UINT8(encryption_enabled, p_event);
146 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
147 encryption_enabled);
148 break;
149 }
150 case HCI_ESCO_CONNECTION_COMP_EVT: {
151 uint8_t link_type;
152 STREAM_TO_UINT8(status, p_event);
153 STREAM_TO_UINT16(handle, p_event);
154 STREAM_TO_BDADDR(bda, p_event);
155 STREAM_TO_UINT8(link_type, p_event);
156 handle = HCID_GET_HANDLE(handle);
157 log_link_layer_connection_event(
158 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
159 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
160 break;
161 }
162 case HCI_ESCO_CONNECTION_CHANGED_EVT: {
163 STREAM_TO_UINT8(status, p_event);
164 STREAM_TO_UINT16(handle, p_event);
165 handle = HCID_GET_HANDLE(handle);
166 log_link_layer_connection_event(
167 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
168 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
169 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
170 break;
171 }
172 case HCI_BLE_EVENT: {
173 break;
174 }
175 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
176 case HCI_CONNECTION_REQUEST_EVT: // EventCode::CONNECTION_REQUEST
177 case HCI_DISCONNECTION_COMP_EVT: // EventCode::DISCONNECTION_COMPLETE
178 default:
179 LOG_ERROR(
180 "Unexpectedly received event_code:0x%02x that should not be "
181 "handled here",
182 evt_code);
183 break;
184 }
185 }
186
187 /*******************************************************************************
188 *
189 * Function btu_hcif_process_event
190 *
191 * Description This function is called when an event is received from
192 * the Host Controller.
193 *
194 * Returns void
195 *
196 ******************************************************************************/
btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id,const BT_HDR * p_msg)197 void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id,
198 const BT_HDR* p_msg) {
199 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
200 uint8_t hci_evt_code, hci_evt_len;
201 uint8_t ble_sub_code;
202 STREAM_TO_UINT8(hci_evt_code, p);
203 STREAM_TO_UINT8(hci_evt_len, p);
204
205 // validate event size
206 if (hci_evt_len < hci_event_parameters_minimum_length[hci_evt_code]) {
207 HCI_TRACE_WARNING("%s: evt:0x%2X, malformed event of size %hhd", __func__,
208 hci_evt_code, hci_evt_len);
209 return;
210 }
211
212 btu_hcif_log_event_metrics(hci_evt_code, p);
213
214 switch (hci_evt_code) {
215 case HCI_INQUIRY_COMP_EVT:
216 btu_hcif_inquiry_comp_evt(p);
217 break;
218 case HCI_INQUIRY_RESULT_EVT:
219 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_STANDARD);
220 break;
221 case HCI_INQUIRY_RSSI_RESULT_EVT:
222 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_WITH_RSSI);
223 break;
224 case HCI_EXTENDED_INQUIRY_RESULT_EVT:
225 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_EXTENDED);
226 break;
227 case HCI_AUTHENTICATION_COMP_EVT:
228 btu_hcif_authentication_comp_evt(p);
229 break;
230 case HCI_RMT_NAME_REQUEST_COMP_EVT:
231 btu_hcif_rmt_name_request_comp_evt(p, hci_evt_len);
232 break;
233 case HCI_ENCRYPTION_CHANGE_EVT:
234 btu_hcif_encryption_change_evt(p);
235 break;
236 case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
237 btu_hcif_encryption_key_refresh_cmpl_evt(p);
238 break;
239 case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
240 btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
241 break;
242 case HCI_COMMAND_COMPLETE_EVT:
243 LOG_ERROR(
244 "%s should not have received a command complete event. "
245 "Someone didn't go through the hci transmit_command function.",
246 __func__);
247 break;
248 case HCI_COMMAND_STATUS_EVT:
249 LOG_ERROR(
250 "%s should not have received a command status event. "
251 "Someone didn't go through the hci transmit_command function.",
252 __func__);
253 break;
254 case HCI_HARDWARE_ERROR_EVT:
255 btu_hcif_hardware_error_evt(p);
256 break;
257 case HCI_MODE_CHANGE_EVT:
258 btu_hcif_mode_change_evt(p);
259 break;
260 case HCI_PIN_CODE_REQUEST_EVT:
261 btm_sec_pin_code_request(p);
262 break;
263 case HCI_LINK_KEY_REQUEST_EVT:
264 btm_sec_link_key_request(p);
265 break;
266 case HCI_LINK_KEY_NOTIFICATION_EVT:
267 btu_hcif_link_key_notification_evt(p);
268 break;
269 case HCI_READ_CLOCK_OFF_COMP_EVT:
270 btu_hcif_read_clock_off_comp_evt(p);
271 break;
272 case HCI_ESCO_CONNECTION_COMP_EVT:
273 btu_hcif_esco_connection_comp_evt(p);
274 break;
275 case HCI_ESCO_CONNECTION_CHANGED_EVT:
276 btu_hcif_esco_connection_chg_evt(p);
277 break;
278 case HCI_SNIFF_SUB_RATE_EVT:
279 btm_pm_proc_ssr_evt(p, hci_evt_len);
280 break;
281 case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
282 btm_sec_rmt_host_support_feat_evt(p);
283 break;
284 case HCI_IO_CAPABILITY_REQUEST_EVT:
285 btu_hcif_io_cap_request_evt(p);
286 break;
287 case HCI_IO_CAPABILITY_RESPONSE_EVT:
288 btm_io_capabilities_rsp(p);
289 break;
290 case HCI_USER_CONFIRMATION_REQUEST_EVT:
291 btm_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
292 break;
293 case HCI_USER_PASSKEY_REQUEST_EVT:
294 btm_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
295 break;
296 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
297 btm_rem_oob_req(p);
298 break;
299 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
300 btm_simple_pair_complete(p);
301 break;
302 case HCI_USER_PASSKEY_NOTIFY_EVT:
303 btm_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
304 break;
305
306 case HCI_BLE_EVENT: {
307 STREAM_TO_UINT8(ble_sub_code, p);
308
309 uint8_t ble_evt_len = hci_evt_len - 1;
310 switch (ble_sub_code) {
311 case HCI_BLE_ADV_PKT_RPT_EVT: /* result of inquiry */
312 btm_ble_process_adv_pkt(ble_evt_len, p);
313 break;
314 case HCI_BLE_LL_CONN_PARAM_UPD_EVT:
315 btu_ble_ll_conn_param_upd_evt(p, ble_evt_len);
316 break;
317 case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
318 btm_ble_read_remote_features_complete(p, ble_evt_len);
319 break;
320 case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */
321 btu_ble_proc_ltk_req(p, ble_evt_len);
322 break;
323 case HCI_BLE_RC_PARAM_REQ_EVT:
324 btu_ble_rc_param_req_evt(p, ble_evt_len);
325 break;
326 case HCI_BLE_DATA_LENGTH_CHANGE_EVT:
327 btu_ble_data_length_change_evt(p, hci_evt_len);
328 break;
329
330 case HCI_BLE_PHY_UPDATE_COMPLETE_EVT:
331 btm_ble_process_phy_update_pkt(ble_evt_len, p);
332 break;
333
334 case HCI_LE_EXTENDED_ADVERTISING_REPORT_EVT:
335 btm_ble_process_ext_adv_pkt(hci_evt_len, p);
336 break;
337
338 case HCI_LE_ADVERTISING_SET_TERMINATED_EVT:
339 btm_le_on_advertising_set_terminated(p, hci_evt_len);
340 break;
341
342 case HCI_BLE_REQ_PEER_SCA_CPL_EVT:
343 btm_acl_process_sca_cmpl_pkt(ble_evt_len, p);
344 break;
345
346 case HCI_BLE_PERIODIC_ADV_SYNC_EST_EVT:
347 btm_ble_process_periodic_adv_sync_est_evt(
348 ble_evt_len, const_cast<const uint8_t*>(p));
349 break;
350
351 case HCI_BLE_PERIODIC_ADV_REPORT_EVT:
352 btm_ble_process_periodic_adv_pkt(ble_evt_len,
353 const_cast<const uint8_t*>(p));
354 break;
355
356 case HCI_BLE_PERIODIC_ADV_SYNC_LOST_EVT:
357 btm_ble_process_periodic_adv_sync_lost_evt(ble_evt_len, p);
358 break;
359
360 case HCI_BLE_CIS_EST_EVT:
361 case HCI_BLE_CREATE_BIG_CPL_EVT:
362 case HCI_BLE_TERM_BIG_CPL_EVT:
363 case HCI_BLE_CIS_REQ_EVT:
364 case HCI_BLE_BIG_SYNC_EST_EVT:
365 case HCI_BLE_BIG_SYNC_LOST_EVT:
366 IsoManager::GetInstance()->HandleHciEvent(ble_sub_code, p,
367 ble_evt_len);
368 break;
369
370 case HCI_LE_PERIODIC_ADV_SYNC_TRANSFERE_RECEIVED_EVT:
371 btm_ble_periodic_adv_sync_tx_rcvd(p, hci_evt_len);
372 break;
373
374 case HCI_LE_BIGINFO_ADVERTISING_REPORT_EVT:
375 btm_ble_biginfo_adv_report_rcvd(p, hci_evt_len);
376 break;
377
378 // Events are now captured by gd/hci/le_acl_connection_interface.h
379 case HCI_BLE_CONN_COMPLETE_EVT: // SubeventCode::CONNECTION_COMPLETE
380 case HCI_BLE_ENHANCED_CONN_COMPLETE_EVT: // SubeventCode::ENHANCED_CONNECTION_COMPLETE
381 case HCI_LE_SUBRATE_CHANGE_EVT: // SubeventCode::LE_SUBRATE_CHANGE
382 default:
383 LOG_ERROR(
384 "Unexpectedly received LE sub_event_code:0x%02x that should not "
385 "be handled here",
386 ble_sub_code);
387 break;
388 }
389 } break;
390
391 case HCI_VENDOR_SPECIFIC_EVT:
392 btm_vendor_specific_evt(const_cast<const uint8_t*>(p), hci_evt_len);
393 break;
394
395 // Events now captured by gd::hci_layer module
396 case HCI_NUM_COMPL_DATA_PKTS_EVT: // EventCode::NUMBER_OF_COMPLETED_PACKETS
397 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
398 case HCI_CONNECTION_REQUEST_EVT: // EventCode::CONNECTION_REQUEST
399 case HCI_READ_RMT_FEATURES_COMP_EVT: // EventCode::READ_REMOTE_SUPPORTED_FEATURES_COMPLETE
400 case HCI_READ_RMT_VERSION_COMP_EVT: // EventCode::READ_REMOTE_VERSION_INFORMATION_COMPLETE
401 case HCI_ROLE_CHANGE_EVT: // EventCode::ROLE_CHANGE
402 case HCI_DISCONNECTION_COMP_EVT: // EventCode::DISCONNECTION_COMPLETE
403 default:
404 LOG_ERROR(
405 "Unexpectedly received event_code:0x%02x that should not be "
406 "handled here",
407 hci_evt_code);
408 break;
409 }
410 }
411
btu_hcif_log_command_metrics(uint16_t opcode,const uint8_t * p_cmd,uint16_t cmd_status,bool is_cmd_status)412 static void btu_hcif_log_command_metrics(uint16_t opcode, const uint8_t* p_cmd,
413 uint16_t cmd_status,
414 bool is_cmd_status) {
415 static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
416
417 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
418 if (!is_cmd_status) {
419 hci_event = android::bluetooth::hci::EVT_UNKNOWN;
420 cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
421 }
422
423 RawAddress bd_addr;
424 uint16_t handle;
425 uint8_t reason;
426
427 switch (opcode) {
428 case HCI_CREATE_CONNECTION:
429 case HCI_CREATE_CONNECTION_CANCEL:
430 STREAM_TO_BDADDR(bd_addr, p_cmd);
431 log_link_layer_connection_event(
432 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
433 android::bluetooth::DIRECTION_OUTGOING,
434 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
435 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
436 break;
437 case HCI_DISCONNECT:
438 STREAM_TO_UINT16(handle, p_cmd);
439 STREAM_TO_UINT8(reason, p_cmd);
440 log_link_layer_connection_event(
441 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
442 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
443 kUnknownBleEvt, cmd_status, reason);
444 break;
445 case HCI_SETUP_ESCO_CONNECTION:
446 case HCI_ENH_SETUP_ESCO_CONNECTION:
447 STREAM_TO_UINT16(handle, p_cmd);
448 log_link_layer_connection_event(
449 nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
450 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
451 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
452 break;
453 case HCI_ACCEPT_CONNECTION_REQUEST:
454 case HCI_ACCEPT_ESCO_CONNECTION:
455 case HCI_ENH_ACCEPT_ESCO_CONNECTION:
456 STREAM_TO_BDADDR(bd_addr, p_cmd);
457 log_link_layer_connection_event(
458 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
459 android::bluetooth::DIRECTION_INCOMING,
460 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
461 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
462 break;
463 case HCI_REJECT_CONNECTION_REQUEST:
464 case HCI_REJECT_ESCO_CONNECTION:
465 STREAM_TO_BDADDR(bd_addr, p_cmd);
466 STREAM_TO_UINT8(reason, p_cmd);
467 log_link_layer_connection_event(
468 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
469 android::bluetooth::DIRECTION_INCOMING,
470 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
471 kUnknownBleEvt, cmd_status, reason);
472 break;
473
474 // BLE Commands
475 case HCI_BLE_CREATE_LL_CONN: {
476 p_cmd += 2; // Skip LE_Scan_Interval
477 p_cmd += 2; // Skip LE_Scan_Window;
478 uint8_t initiator_filter_policy;
479 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
480 uint8_t peer_address_type;
481 STREAM_TO_UINT8(peer_address_type, p_cmd);
482 STREAM_TO_BDADDR(bd_addr, p_cmd);
483 // Peer address should not be used if initiator filter policy is not 0x00
484 const RawAddress* bd_addr_p = nullptr;
485 if (initiator_filter_policy == 0x00) {
486 bd_addr_p = &bd_addr;
487 if (peer_address_type == BLE_ADDR_PUBLIC_ID ||
488 peer_address_type == BLE_ADDR_RANDOM_ID) {
489 // if identity address is not matched, this address is invalid
490 if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type,
491 false)) {
492 bd_addr_p = nullptr;
493 }
494 }
495 }
496 if (initiator_filter_policy == 0x00 ||
497 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
498 // Selectively log to avoid log spam due to acceptlist connections:
499 // - When doing non-acceptlist connection
500 // - When there is an error in command status
501 log_link_layer_connection_event(
502 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
503 android::bluetooth::DIRECTION_OUTGOING,
504 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
505 kUnknownBleEvt, cmd_status,
506 android::bluetooth::hci::STATUS_UNKNOWN);
507 }
508 break;
509 }
510 case HCI_LE_EXTENDED_CREATE_CONNECTION: {
511 uint8_t initiator_filter_policy;
512 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
513 p_cmd += 1; // Skip Own_Address_Type
514 uint8_t peer_addr_type;
515 STREAM_TO_UINT8(peer_addr_type, p_cmd);
516 STREAM_TO_BDADDR(bd_addr, p_cmd);
517 // Peer address should not be used if initiator filter policy is not 0x00
518 const RawAddress* bd_addr_p = nullptr;
519 if (initiator_filter_policy == 0x00) {
520 bd_addr_p = &bd_addr;
521 // if identity address is not matched, this should be a static address
522 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
523 }
524 if (initiator_filter_policy == 0x00 ||
525 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
526 // Selectively log to avoid log spam due to acceptlist connections:
527 // - When doing non-acceptlist connection
528 // - When there is an error in command status
529 log_link_layer_connection_event(
530 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
531 android::bluetooth::DIRECTION_OUTGOING,
532 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
533 kUnknownBleEvt, cmd_status,
534 android::bluetooth::hci::STATUS_UNKNOWN);
535 }
536 break;
537 }
538 case HCI_BLE_CREATE_CONN_CANCEL:
539 if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
540 // Only log errors to prevent log spam due to acceptlist connections
541 log_link_layer_connection_event(
542 nullptr, bluetooth::common::kUnknownConnectionHandle,
543 android::bluetooth::DIRECTION_OUTGOING,
544 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
545 kUnknownBleEvt, cmd_status,
546 android::bluetooth::hci::STATUS_UNKNOWN);
547 }
548 break;
549 case HCI_READ_LOCAL_OOB_DATA:
550 log_classic_pairing_event(RawAddress::kEmpty,
551 bluetooth::common::kUnknownConnectionHandle,
552 opcode, hci_event, cmd_status,
553 android::bluetooth::hci::STATUS_UNKNOWN, 0);
554 break;
555 case HCI_WRITE_SIMPLE_PAIRING_MODE: {
556 uint8_t simple_pairing_mode;
557 STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
558 log_classic_pairing_event(
559 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
560 opcode, hci_event, cmd_status,
561 android::bluetooth::hci::STATUS_UNKNOWN, simple_pairing_mode);
562 break;
563 }
564 case HCI_WRITE_SECURE_CONNS_SUPPORT: {
565 uint8_t secure_conn_host_support;
566 STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
567 log_classic_pairing_event(
568 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
569 opcode, hci_event, cmd_status,
570 android::bluetooth::hci::STATUS_UNKNOWN, secure_conn_host_support);
571 break;
572 }
573 case HCI_AUTHENTICATION_REQUESTED:
574 STREAM_TO_UINT16(handle, p_cmd);
575 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
576 cmd_status,
577 android::bluetooth::hci::STATUS_UNKNOWN, 0);
578 break;
579 case HCI_SET_CONN_ENCRYPTION: {
580 STREAM_TO_UINT16(handle, p_cmd);
581 uint8_t encryption_enable;
582 STREAM_TO_UINT8(encryption_enable, p_cmd);
583 log_classic_pairing_event(
584 RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
585 android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
586 break;
587 }
588 case HCI_DELETE_STORED_LINK_KEY: {
589 uint8_t delete_all_flag;
590 STREAM_TO_BDADDR(bd_addr, p_cmd);
591 STREAM_TO_UINT8(delete_all_flag, p_cmd);
592 log_classic_pairing_event(
593 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
594 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
595 delete_all_flag);
596 break;
597 }
598 case HCI_RMT_NAME_REQUEST:
599 case HCI_RMT_NAME_REQUEST_CANCEL:
600 case HCI_LINK_KEY_REQUEST_REPLY:
601 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
602 case HCI_IO_CAPABILITY_REQUEST_REPLY:
603 case HCI_USER_CONF_REQUEST_REPLY:
604 case HCI_USER_CONF_VALUE_NEG_REPLY:
605 case HCI_USER_PASSKEY_REQ_REPLY:
606 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
607 case HCI_REM_OOB_DATA_REQ_REPLY:
608 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
609 STREAM_TO_BDADDR(bd_addr, p_cmd);
610 log_classic_pairing_event(
611 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
612 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
613 break;
614 case HCI_IO_CAP_REQ_NEG_REPLY:
615 STREAM_TO_BDADDR(bd_addr, p_cmd);
616 STREAM_TO_UINT8(reason, p_cmd);
617 log_classic_pairing_event(bd_addr,
618 bluetooth::common::kUnknownConnectionHandle,
619 opcode, hci_event, cmd_status, reason, 0);
620 break;
621 }
622 }
623
624 /*******************************************************************************
625 *
626 * Function btu_hcif_send_cmd
627 *
628 * Description This function is called to send commands to the Host
629 * Controller.
630 *
631 * Returns void
632 *
633 ******************************************************************************/
btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id,const BT_HDR * p_buf)634 void btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id, const BT_HDR* p_buf) {
635 if (!p_buf) return;
636
637 uint16_t opcode;
638 const uint8_t* stream = p_buf->data + p_buf->offset;
639 void* vsc_callback = NULL;
640
641 STREAM_TO_UINT16(opcode, stream);
642
643 // Eww...horrible hackery here
644 /* If command was a VSC, then extract command_complete callback */
645 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC ||
646 (opcode == HCI_BLE_RAND) || (opcode == HCI_BLE_ENCRYPT)) {
647 vsc_callback = *((void**)(p_buf + 1));
648 }
649
650 // Skip parameter length before logging
651 stream++;
652 btu_hcif_log_command_metrics(opcode, stream,
653 android::bluetooth::hci::STATUS_UNKNOWN, false);
654
655 bluetooth::shim::hci_layer_get_interface()->transmit_command(
656 p_buf, btu_hcif_command_complete_evt, btu_hcif_command_status_evt,
657 vsc_callback);
658 }
659
660 using hci_cmd_cb = base::OnceCallback<void(
661 uint8_t* /* return_parameters */, uint16_t /* return_parameters_length*/)>;
662
663 struct cmd_with_cb_data {
664 hci_cmd_cb cb;
665 base::Location posted_from;
666 };
667
cmd_with_cb_data_init(cmd_with_cb_data * cb_wrapper)668 void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
669 new (&cb_wrapper->cb) hci_cmd_cb;
670 new (&cb_wrapper->posted_from) Location;
671 }
672
cmd_with_cb_data_cleanup(cmd_with_cb_data * cb_wrapper)673 void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
674 cb_wrapper->cb.~hci_cmd_cb();
675 cb_wrapper->posted_from.~Location();
676 }
677
678 /**
679 * Log command complete events that is not handled individually in this file
680 * @param opcode opcode of the command
681 * @param p_return_params pointer to returned parameter after parameter length
682 * field
683 */
btu_hcif_log_command_complete_metrics(uint16_t opcode,const uint8_t * p_return_params)684 static void btu_hcif_log_command_complete_metrics(
685 uint16_t opcode, const uint8_t* p_return_params) {
686 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
687 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
688 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
689 RawAddress bd_addr = RawAddress::kEmpty;
690 switch (opcode) {
691 case HCI_DELETE_STORED_LINK_KEY:
692 case HCI_READ_LOCAL_OOB_DATA:
693 case HCI_WRITE_SIMPLE_PAIRING_MODE:
694 case HCI_WRITE_SECURE_CONNS_SUPPORT:
695 STREAM_TO_UINT8(status, p_return_params);
696 log_classic_pairing_event(RawAddress::kEmpty,
697 bluetooth::common::kUnknownConnectionHandle,
698 opcode, hci_event, status, reason, 0);
699 break;
700 case HCI_READ_ENCR_KEY_SIZE: {
701 uint16_t handle;
702 uint8_t key_size;
703 STREAM_TO_UINT8(status, p_return_params);
704 STREAM_TO_UINT16(handle, p_return_params);
705 STREAM_TO_UINT8(key_size, p_return_params);
706 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
707 status, reason, key_size);
708 break;
709 }
710 case HCI_LINK_KEY_REQUEST_REPLY:
711 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
712 case HCI_IO_CAPABILITY_REQUEST_REPLY:
713 case HCI_IO_CAP_REQ_NEG_REPLY:
714 case HCI_USER_CONF_REQUEST_REPLY:
715 case HCI_USER_CONF_VALUE_NEG_REPLY:
716 case HCI_USER_PASSKEY_REQ_REPLY:
717 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
718 case HCI_REM_OOB_DATA_REQ_REPLY:
719 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
720 STREAM_TO_UINT8(status, p_return_params);
721 STREAM_TO_BDADDR(bd_addr, p_return_params);
722 log_classic_pairing_event(bd_addr,
723 bluetooth::common::kUnknownConnectionHandle,
724 opcode, hci_event, status, reason, 0);
725 break;
726 }
727 }
728
btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR * event,void * context)729 static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event,
730 void* context) {
731 command_opcode_t opcode;
732 // 2 for event header: event code (1) + parameter length (1)
733 // 1 for num_hci_pkt command credit
734 uint8_t* stream = event->data + event->offset + 3;
735 STREAM_TO_UINT16(opcode, stream);
736
737 btu_hcif_log_command_complete_metrics(opcode, stream);
738
739 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
740 HCI_TRACE_DEBUG("command complete for: %s",
741 cb_wrapper->posted_from.ToString().c_str());
742 // 2 for event header: event code (1) + parameter length (1)
743 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
744 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
745 std::move(cb_wrapper->cb).Run(stream, param_len);
746 cmd_with_cb_data_cleanup(cb_wrapper);
747 osi_free(cb_wrapper);
748
749 osi_free(event);
750 }
751
btu_hcif_command_complete_evt_with_cb(BT_HDR * response,void * context)752 static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response,
753 void* context) {
754 do_in_main_thread(FROM_HERE,
755 base::Bind(btu_hcif_command_complete_evt_with_cb_on_task,
756 response, context));
757 }
758
btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,BT_HDR * event,void * context)759 static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,
760 BT_HDR* event,
761 void* context) {
762 command_opcode_t opcode;
763 uint8_t* stream = event->data + event->offset;
764 STREAM_TO_UINT16(opcode, stream);
765
766 CHECK(status != 0);
767
768 // stream + 1 to skip parameter length field
769 // No need to check length since stream is written by us
770 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
771
772 // report command status error
773 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
774 HCI_TRACE_DEBUG("command status for: %s",
775 cb_wrapper->posted_from.ToString().c_str());
776 std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
777 cmd_with_cb_data_cleanup(cb_wrapper);
778 osi_free(cb_wrapper);
779
780 osi_free(event);
781 }
782
btu_hcif_command_status_evt_with_cb(uint8_t status,BT_HDR * command,void * context)783 static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command,
784 void* context) {
785 // Command is pending, we report only error.
786 if (!status) {
787 osi_free(command);
788 return;
789 }
790
791 do_in_main_thread(
792 FROM_HERE, base::Bind(btu_hcif_command_status_evt_with_cb_on_task, status,
793 command, context));
794 }
795
796 /* This function is called to send commands to the Host Controller. |cb| is
797 * called when command status event is called with error code, or when the
798 * command complete event is received. */
btu_hcif_send_cmd_with_cb(const base::Location & posted_from,uint16_t opcode,uint8_t * params,uint8_t params_len,hci_cmd_cb cb)799 void btu_hcif_send_cmd_with_cb(const base::Location& posted_from,
800 uint16_t opcode, uint8_t* params,
801 uint8_t params_len, hci_cmd_cb cb) {
802 BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
803 uint8_t* pp = (uint8_t*)(p + 1);
804
805 p->len = HCIC_PREAMBLE_SIZE + params_len;
806 p->offset = 0;
807
808 UINT16_TO_STREAM(pp, opcode);
809 UINT8_TO_STREAM(pp, params_len);
810 if (params) {
811 memcpy(pp, params, params_len);
812 }
813
814 btu_hcif_log_command_metrics(opcode, pp,
815 android::bluetooth::hci::STATUS_UNKNOWN, false);
816
817 cmd_with_cb_data* cb_wrapper =
818 (cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
819
820 cmd_with_cb_data_init(cb_wrapper);
821 cb_wrapper->cb = std::move(cb);
822 cb_wrapper->posted_from = posted_from;
823
824 bluetooth::shim::hci_layer_get_interface()->transmit_command(
825 p, btu_hcif_command_complete_evt_with_cb,
826 btu_hcif_command_status_evt_with_cb, (void*)cb_wrapper);
827 }
828
829 /*******************************************************************************
830 *
831 * Function btu_hcif_inquiry_comp_evt
832 *
833 * Description Process event HCI_INQUIRY_COMP_EVT
834 *
835 * Returns void
836 *
837 ******************************************************************************/
btu_hcif_inquiry_comp_evt(uint8_t * p)838 static void btu_hcif_inquiry_comp_evt(uint8_t* p) {
839 uint8_t status;
840
841 STREAM_TO_UINT8(status, p);
842
843 /* Tell inquiry processing that we are done */
844 btm_process_inq_complete(to_hci_status_code(status), BTM_BR_INQUIRY_MASK);
845 }
846
847 /*******************************************************************************
848 *
849 * Function btu_hcif_authentication_comp_evt
850 *
851 * Description Process event HCI_AUTHENTICATION_COMP_EVT
852 *
853 * Returns void
854 *
855 ******************************************************************************/
btu_hcif_authentication_comp_evt(uint8_t * p)856 static void btu_hcif_authentication_comp_evt(uint8_t* p) {
857 uint8_t status;
858 uint16_t handle;
859
860 STREAM_TO_UINT8(status, p);
861 STREAM_TO_UINT16(handle, p);
862
863 btm_sec_auth_complete(handle, static_cast<tHCI_STATUS>(status));
864 }
865
866 /*******************************************************************************
867 *
868 * Function btu_hcif_rmt_name_request_comp_evt
869 *
870 * Description Process event HCI_RMT_NAME_REQUEST_COMP_EVT
871 *
872 * Returns void
873 *
874 ******************************************************************************/
btu_hcif_rmt_name_request_comp_evt(const uint8_t * p,uint16_t evt_len)875 static void btu_hcif_rmt_name_request_comp_evt(const uint8_t* p,
876 uint16_t evt_len) {
877 uint8_t status;
878 RawAddress bd_addr;
879
880 STREAM_TO_UINT8(status, p);
881 STREAM_TO_BDADDR(bd_addr, p);
882
883 evt_len -= (1 + BD_ADDR_LEN);
884
885 btm_process_remote_name(&bd_addr, p, evt_len, to_hci_status_code(status));
886
887 btm_sec_rmt_name_request_complete(&bd_addr, p, to_hci_status_code(status));
888 }
889
890 constexpr uint8_t MIN_KEY_SIZE = 7;
891
read_encryption_key_size_complete_after_encryption_change(uint8_t status,uint16_t handle,uint8_t key_size)892 static void read_encryption_key_size_complete_after_encryption_change(uint8_t status, uint16_t handle,
893 uint8_t key_size) {
894 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
895 /* If remote device stop the encryption before we call "Read Encryption Key
896 * Size", we might receive Insufficient Security, which means that link is
897 * no longer encrypted. */
898 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
899 return;
900 }
901
902 if (status != HCI_SUCCESS) {
903 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
904 acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER,
905 "stack::btu::btu_hcif::read_encryption_key_size_"
906 "complete_after_encryption_change Bad key size");
907 return;
908 }
909
910 if (key_size < MIN_KEY_SIZE) {
911 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
912 << " key_size: " << +key_size;
913
914 acl_disconnect_from_handle(
915 handle, HCI_ERR_HOST_REJECT_SECURITY,
916 "stack::btu::btu_hcif::read_encryption_key_size_complete_after_"
917 "encryption_change Key Too Short");
918 return;
919 }
920
921 // good key size - succeed
922 btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
923 1 /* enable */);
924 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
925 1 /* enable */);
926 }
927 /*******************************************************************************
928 *
929 * Function btu_hcif_encryption_change_evt
930 *
931 * Description Process event HCI_ENCRYPTION_CHANGE_EVT
932 *
933 * Returns void
934 *
935 ******************************************************************************/
btu_hcif_encryption_change_evt(uint8_t * p)936 static void btu_hcif_encryption_change_evt(uint8_t* p) {
937 uint8_t status;
938 uint16_t handle;
939 uint8_t encr_enable;
940
941 STREAM_TO_UINT8(status, p);
942 STREAM_TO_UINT16(handle, p);
943 STREAM_TO_UINT8(encr_enable, p);
944
945 if (status != HCI_SUCCESS || encr_enable == 0 ||
946 BTM_IsBleConnection(handle) ||
947 (bluetooth::common::init_flags::read_encryption_key_size_is_enabled() &&
948 !controller_get_interface()->supports_read_encryption_key_size()) ||
949 // Skip encryption key size check when using set_min_encryption_key_size
950 (bluetooth::common::init_flags::set_min_encryption_is_enabled() &&
951 controller_get_interface()->supports_set_min_encryption_key_size())) {
952 if (status == HCI_ERR_CONNECTION_TOUT) {
953 smp_cancel_start_encryption_attempt();
954 return;
955 }
956
957 btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
958 encr_enable);
959 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
960 encr_enable);
961 } else {
962 btsnd_hcic_read_encryption_key_size(
963 handle,
964 base::Bind(&read_encryption_key_size_complete_after_encryption_change));
965 }
966 }
967
968 /*******************************************************************************
969 *
970 * Function btu_hcif_read_rmt_ext_features_comp_evt
971 *
972 * Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
973 *
974 * Returns void
975 *
976 ******************************************************************************/
btu_hcif_read_rmt_ext_features_comp_evt(uint8_t * p,uint8_t evt_len)977 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
978 uint8_t evt_len) {
979 uint8_t* p_cur = p;
980 uint8_t status;
981 uint16_t handle;
982
983 STREAM_TO_UINT8(status, p_cur);
984
985 if (status == HCI_SUCCESS)
986 btm_read_remote_ext_features_complete_raw(p, evt_len);
987 else {
988 STREAM_TO_UINT16(handle, p_cur);
989 btm_read_remote_ext_features_failed(status, handle);
990 }
991 }
992
993 /*******************************************************************************
994 *
995 * Function btu_hcif_esco_connection_comp_evt
996 *
997 * Description Process event HCI_ESCO_CONNECTION_COMP_EVT
998 *
999 * Returns void
1000 *
1001 ******************************************************************************/
btu_hcif_esco_connection_comp_evt(const uint8_t * p)1002 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p) {
1003 tBTM_ESCO_DATA data;
1004 uint16_t handle;
1005 RawAddress bda;
1006 uint8_t status;
1007
1008 STREAM_TO_UINT8(status, p);
1009 STREAM_TO_UINT16(handle, p);
1010 STREAM_TO_BDADDR(bda, p);
1011
1012 STREAM_TO_UINT8(data.link_type, p);
1013 STREAM_SKIP_UINT8(p); // tx_interval
1014 STREAM_SKIP_UINT8(p); // retrans_window
1015 STREAM_SKIP_UINT16(p); // rx_pkt_len
1016 STREAM_SKIP_UINT16(p); // tx_pkt_len
1017 STREAM_SKIP_UINT8(p); // air_mode
1018
1019 handle = HCID_GET_HANDLE(handle);
1020 ASSERT_LOG(
1021 handle <= HCI_HANDLE_MAX,
1022 "Received eSCO connection complete event with invalid handle: 0x%X "
1023 "that should be <= 0x%X",
1024 handle, HCI_HANDLE_MAX);
1025
1026 data.bd_addr = bda;
1027 if (status == HCI_SUCCESS) {
1028 btm_sco_connected(bda, handle, &data);
1029 } else {
1030 btm_sco_connection_failed(static_cast<tHCI_STATUS>(status), bda, handle,
1031 &data);
1032 }
1033 }
1034
1035 /*******************************************************************************
1036 *
1037 * Function btu_hcif_esco_connection_chg_evt
1038 *
1039 * Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
1040 *
1041 * Returns void
1042 *
1043 ******************************************************************************/
btu_hcif_esco_connection_chg_evt(uint8_t * p)1044 static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
1045 uint16_t handle;
1046 uint16_t tx_pkt_len;
1047 uint16_t rx_pkt_len;
1048 uint8_t status;
1049 uint8_t tx_interval;
1050 uint8_t retrans_window;
1051
1052 STREAM_TO_UINT8(status, p);
1053 STREAM_TO_UINT16(handle, p);
1054
1055 STREAM_TO_UINT8(tx_interval, p);
1056 STREAM_TO_UINT8(retrans_window, p);
1057 STREAM_TO_UINT16(rx_pkt_len, p);
1058 STREAM_TO_UINT16(tx_pkt_len, p);
1059
1060 handle = HCID_GET_HANDLE(handle);
1061 }
1062
1063 /*******************************************************************************
1064 *
1065 * Function btu_hcif_hdl_command_complete
1066 *
1067 * Description Handle command complete event
1068 *
1069 * Returns void
1070 *
1071 ******************************************************************************/
btu_hcif_hdl_command_complete(uint16_t opcode,uint8_t * p,uint16_t evt_len,void * p_cplt_cback)1072 static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p,
1073 uint16_t evt_len,
1074 void* p_cplt_cback) {
1075 switch (opcode) {
1076 case HCI_INQUIRY_CANCEL:
1077 /* Tell inquiry processing that we are done */
1078 btm_process_cancel_complete(HCI_SUCCESS, BTM_BR_INQUIRY_MASK);
1079 break;
1080 case HCI_SET_EVENT_FILTER:
1081 break;
1082
1083 case HCI_DELETE_STORED_LINK_KEY:
1084 btm_delete_stored_link_key_complete(p, evt_len);
1085 break;
1086
1087 case HCI_READ_LOCAL_NAME:
1088 btm_read_local_name_complete(p, evt_len);
1089 break;
1090
1091 case HCI_GET_LINK_QUALITY:
1092 btm_read_link_quality_complete(p, evt_len);
1093 break;
1094
1095 case HCI_READ_RSSI:
1096 btm_read_rssi_complete(p, evt_len);
1097 break;
1098
1099 case HCI_READ_FAILED_CONTACT_COUNTER:
1100 btm_read_failed_contact_counter_complete(p);
1101 break;
1102
1103 case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
1104 btm_read_automatic_flush_timeout_complete(p);
1105 break;
1106
1107 case HCI_READ_TRANSMIT_POWER_LEVEL:
1108 btm_read_tx_power_complete(p, evt_len, false);
1109 break;
1110
1111 case HCI_CREATE_CONNECTION_CANCEL:
1112 btm_create_conn_cancel_complete(p, evt_len);
1113 break;
1114
1115 case HCI_READ_LOCAL_OOB_DATA:
1116 btm_read_local_oob_complete(p, evt_len);
1117 break;
1118
1119 case HCI_READ_INQ_TX_POWER_LEVEL:
1120 break;
1121
1122 /* BLE Commands sComplete*/
1123 case HCI_BLE_RAND:
1124 case HCI_BLE_ENCRYPT:
1125 btm_ble_rand_enc_complete(p, evt_len, opcode, (tBTM_RAND_ENC_CB*)p_cplt_cback);
1126 break;
1127
1128 case HCI_BLE_READ_ADV_CHNL_TX_POWER:
1129 btm_read_tx_power_complete(p, evt_len, true);
1130 break;
1131
1132 case HCI_BLE_WRITE_ADV_ENABLE:
1133 btm_ble_write_adv_enable_complete(p, evt_len);
1134 break;
1135
1136 case HCI_BLE_CREATE_LL_CONN:
1137 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1138 // No command complete event for those commands according to spec
1139 LOG(ERROR) << "No command complete expected, but received!";
1140 break;
1141
1142 case HCI_BLE_ADD_DEV_RESOLVING_LIST:
1143 btm_ble_add_resolving_list_entry_complete(p, evt_len);
1144 break;
1145
1146 case HCI_BLE_RM_DEV_RESOLVING_LIST:
1147 btm_ble_remove_resolving_list_entry_complete(p, evt_len);
1148 break;
1149
1150 case HCI_BLE_CLEAR_RESOLVING_LIST:
1151 btm_ble_clear_resolving_list_complete(p, evt_len);
1152 break;
1153
1154 case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
1155 btm_ble_read_resolving_list_entry_complete(p, evt_len);
1156 break;
1157
1158 case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
1159 case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
1160 case HCI_BLE_SET_RAND_PRIV_ADDR_TIMOUT:
1161 break;
1162
1163 case HCI_BLE_CREATE_CONN_CANCEL:
1164 LOG_ERROR(
1165 "Unexpectedly received command complete for opcode:0x%02x that "
1166 "should not be "
1167 "handled here",
1168 opcode);
1169 break;
1170 default:
1171 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC)
1172 btm_vsc_complete(p, opcode, evt_len, (tBTM_VSC_CMPL_CB*)p_cplt_cback);
1173 break;
1174 }
1175 }
1176
1177 /*******************************************************************************
1178 *
1179 * Function btu_hcif_command_complete_evt
1180 *
1181 * Description Process event HCI_COMMAND_COMPLETE_EVT
1182 *
1183 * Returns void
1184 *
1185 ******************************************************************************/
btu_hcif_command_complete_evt_on_task(BT_HDR * event,void * context)1186 static void btu_hcif_command_complete_evt_on_task(BT_HDR* event,
1187 void* context) {
1188 command_opcode_t opcode;
1189 // 2 for event header: event code (1) + parameter length (1)
1190 // 1 for num_hci_pkt command credit
1191 uint8_t* stream = event->data + event->offset + 3;
1192 STREAM_TO_UINT16(opcode, stream);
1193
1194 btu_hcif_log_command_complete_metrics(opcode, stream);
1195 // 2 for event header: event code (1) + parameter length (1)
1196 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
1197 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
1198 btu_hcif_hdl_command_complete(opcode, stream, param_len, context);
1199
1200 osi_free(event);
1201 }
1202
btu_hcif_command_complete_evt(BT_HDR * response,void * context)1203 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context) {
1204 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_complete_evt_on_task,
1205 response, context));
1206 }
1207
1208 /*******************************************************************************
1209 *
1210 * Function btu_hcif_hdl_command_status
1211 *
1212 * Description Handle a command status event
1213 *
1214 * Returns void
1215 *
1216 ******************************************************************************/
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd,void * p_vsc_status_cback)1217 static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
1218 const uint8_t* p_cmd,
1219 void* p_vsc_status_cback) {
1220 CHECK_NE(p_cmd, nullptr) << "Null command for opcode 0x" << loghex(opcode);
1221 p_cmd++; // Skip parameter total length
1222
1223 RawAddress bd_addr;
1224 uint16_t handle;
1225
1226 switch (opcode) {
1227 // Link Control Commands
1228 case HCI_INQUIRY:
1229 if (status != HCI_SUCCESS) {
1230 // Tell inquiry processing that we are done
1231 btm_process_inq_complete(to_hci_status_code(status),
1232 BTM_BR_INQUIRY_MASK);
1233 }
1234 break;
1235 case HCI_SWITCH_ROLE:
1236 if (status != HCI_SUCCESS) {
1237 // Tell BTM that the command failed
1238 STREAM_TO_BDADDR(bd_addr, p_cmd);
1239 btm_acl_role_changed(static_cast<tHCI_STATUS>(status), bd_addr,
1240 HCI_ROLE_UNKNOWN);
1241 }
1242 break;
1243 case HCI_CREATE_CONNECTION:
1244 if (status != HCI_SUCCESS) {
1245 STREAM_TO_BDADDR(bd_addr, p_cmd);
1246 btm_acl_connected(bd_addr, HCI_INVALID_HANDLE,
1247 static_cast<tHCI_STATUS>(status), 0);
1248 }
1249 break;
1250 case HCI_AUTHENTICATION_REQUESTED:
1251 if (status != HCI_SUCCESS) {
1252 // Device refused to start authentication
1253 // This is treated as an authentication failure
1254 btm_sec_auth_complete(HCI_INVALID_HANDLE,
1255 static_cast<tHCI_STATUS>(status));
1256 }
1257 break;
1258 case HCI_SET_CONN_ENCRYPTION:
1259 if (status != HCI_SUCCESS) {
1260 // Device refused to start encryption
1261 // This is treated as an encryption failure
1262 btm_sec_encrypt_change(HCI_INVALID_HANDLE,
1263 static_cast<tHCI_STATUS>(status), false);
1264 }
1265 break;
1266 case HCI_RMT_NAME_REQUEST:
1267 if (status != HCI_SUCCESS) {
1268 // Tell inquiry processing that we are done
1269 btm_process_remote_name(nullptr, nullptr, 0,
1270 to_hci_status_code(status));
1271 btm_sec_rmt_name_request_complete(nullptr, nullptr,
1272 to_hci_status_code(status));
1273 }
1274 break;
1275 case HCI_READ_RMT_EXT_FEATURES:
1276 if (status != HCI_SUCCESS) {
1277 STREAM_TO_UINT16(handle, p_cmd);
1278 btm_read_remote_ext_features_failed(status, handle);
1279 }
1280 break;
1281 case HCI_SETUP_ESCO_CONNECTION:
1282 case HCI_ENH_SETUP_ESCO_CONNECTION:
1283 if (status != HCI_SUCCESS) {
1284 STREAM_TO_UINT16(handle, p_cmd);
1285 RawAddress addr(RawAddress::kEmpty);
1286 btm_sco_connection_failed(static_cast<tHCI_STATUS>(status), addr,
1287 handle, nullptr);
1288 }
1289 break;
1290
1291 // BLE Commands
1292 case HCI_BLE_CREATE_LL_CONN:
1293 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1294 if (status != HCI_SUCCESS) {
1295 btm_ble_create_ll_conn_complete(static_cast<tHCI_STATUS>(status));
1296 }
1297 break;
1298 case HCI_BLE_START_ENC:
1299 // Race condition: disconnection happened right before we send
1300 // "LE Encrypt", controller responds with no connection, we should
1301 // cancel the encryption attempt, rather than unpair the device.
1302 if (status == HCI_ERR_NO_CONNECTION) {
1303 smp_cancel_start_encryption_attempt();
1304 }
1305 break;
1306
1307 // Link Policy Commands
1308 case HCI_EXIT_SNIFF_MODE:
1309 case HCI_EXIT_PARK_MODE:
1310 if (status != HCI_SUCCESS) {
1311 // Allow SCO initiation to continue if waiting for change mode event
1312 STREAM_TO_UINT16(handle, p_cmd);
1313 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1314 }
1315 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1316 case HCI_HOLD_MODE:
1317 case HCI_SNIFF_MODE:
1318 case HCI_PARK_MODE:
1319 btm_pm_proc_cmd_status(static_cast<tHCI_STATUS>(status));
1320 break;
1321
1322 default:
1323 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC) {
1324 btm_vsc_complete(&status, opcode, 1,
1325 (tBTM_VSC_CMPL_CB*)p_vsc_status_cback);
1326 }
1327 }
1328 }
1329
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd,void * p_vsc_status_cback)1330 void bluetooth::legacy::testing::btu_hcif_hdl_command_status(
1331 uint16_t opcode, uint8_t status, const uint8_t* p_cmd,
1332 void* p_vsc_status_cback) {
1333 ::btu_hcif_hdl_command_status(opcode, status, p_cmd, p_vsc_status_cback);
1334 }
1335
1336 /*******************************************************************************
1337 *
1338 * Function btu_hcif_command_status_evt
1339 *
1340 * Description Process event HCI_COMMAND_STATUS_EVT
1341 *
1342 * Returns void
1343 *
1344 ******************************************************************************/
btu_hcif_command_status_evt_on_task(uint8_t status,BT_HDR * event,void * context)1345 static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event,
1346 void* context) {
1347 command_opcode_t opcode;
1348 uint8_t* stream = event->data + event->offset;
1349 STREAM_TO_UINT16(opcode, stream);
1350
1351 // stream + 1 to skip parameter length field
1352 // No need to check length since stream is written by us
1353 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
1354
1355 btu_hcif_hdl_command_status(opcode, status, stream, context);
1356 osi_free(event);
1357 }
1358
btu_hcif_command_status_evt(uint8_t status,BT_HDR * command,void * context)1359 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
1360 void* context) {
1361 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_status_evt_on_task,
1362 status, command, context));
1363 }
1364
1365 /*******************************************************************************
1366 *
1367 * Function btu_hcif_hardware_error_evt
1368 *
1369 * Description Process event HCI_HARDWARE_ERROR_EVT
1370 *
1371 * Returns void
1372 *
1373 ******************************************************************************/
btu_hcif_hardware_error_evt(uint8_t * p)1374 static void btu_hcif_hardware_error_evt(uint8_t* p) {
1375 LOG_ERROR("UNHANDLED Ctlr H/w error event - code:0x%x", *p);
1376 BTA_sys_signal_hw_error();
1377 }
1378
1379 /*******************************************************************************
1380 *
1381 * Function btu_hcif_mode_change_evt
1382 *
1383 * Description Process event HCI_MODE_CHANGE_EVT
1384 *
1385 * Returns void
1386 *
1387 ******************************************************************************/
btu_hcif_mode_change_evt(uint8_t * p)1388 static void btu_hcif_mode_change_evt(uint8_t* p) {
1389 uint8_t status;
1390 uint16_t handle;
1391 uint8_t current_mode;
1392 uint16_t interval;
1393
1394 STREAM_TO_UINT8(status, p);
1395
1396 STREAM_TO_UINT16(handle, p);
1397 STREAM_TO_UINT8(current_mode, p);
1398 STREAM_TO_UINT16(interval, p);
1399 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1400 btm_pm_proc_mode_change(static_cast<tHCI_STATUS>(status), handle,
1401 static_cast<tHCI_MODE>(current_mode), interval);
1402
1403 #if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
1404 hidd_pm_proc_mode_change(status, current_mode, interval);
1405 #endif
1406 }
1407
1408 /*******************************************************************************
1409 *
1410 * Function btu_hcif_link_key_notification_evt
1411 *
1412 * Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
1413 *
1414 * Returns void
1415 *
1416 ******************************************************************************/
btu_hcif_link_key_notification_evt(const uint8_t * p)1417 static void btu_hcif_link_key_notification_evt(const uint8_t* p) {
1418 RawAddress bda;
1419 Octet16 key;
1420 uint8_t key_type;
1421
1422 STREAM_TO_BDADDR(bda, p);
1423 STREAM_TO_ARRAY16(key.data(), p);
1424 STREAM_TO_UINT8(key_type, p);
1425
1426 btm_sec_link_key_notification(bda, key, key_type);
1427 }
1428
1429 /*******************************************************************************
1430 *
1431 * Function btu_hcif_read_clock_off_comp_evt
1432 *
1433 * Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
1434 *
1435 * Returns void
1436 *
1437 ******************************************************************************/
btu_hcif_read_clock_off_comp_evt(uint8_t * p)1438 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
1439 uint8_t status;
1440 uint16_t handle;
1441 uint16_t clock_offset;
1442
1443 STREAM_TO_UINT8(status, p);
1444
1445 /* If failed to get clock offset just drop the result */
1446 if (status != HCI_SUCCESS) return;
1447
1448 STREAM_TO_UINT16(handle, p);
1449 STREAM_TO_UINT16(clock_offset, p);
1450
1451 handle = HCID_GET_HANDLE(handle);
1452
1453 btm_sec_update_clock_offset(handle, clock_offset);
1454 }
1455
1456 /**********************************************
1457 * Simple Pairing Events
1458 **********************************************/
1459
1460 /*******************************************************************************
1461 *
1462 * Function btu_hcif_io_cap_request_evt
1463 *
1464 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1465 *
1466 * Returns void
1467 *
1468 ******************************************************************************/
btu_hcif_io_cap_request_evt(const uint8_t * p)1469 static void btu_hcif_io_cap_request_evt(const uint8_t* p) {
1470 RawAddress bda;
1471 STREAM_TO_BDADDR(bda, p);
1472 btm_io_capabilities_req(bda);
1473 }
1474
1475 /**********************************************
1476 * End of Simple Pairing Events
1477 **********************************************/
1478
read_encryption_key_size_complete_after_key_refresh(uint8_t status,uint16_t handle,uint8_t key_size)1479 static void read_encryption_key_size_complete_after_key_refresh(uint8_t status, uint16_t handle, uint8_t key_size) {
1480 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
1481 /* If remote device stop the encryption before we call "Read Encryption Key
1482 * Size", we might receive Insufficient Security, which means that link is
1483 * no longer encrypted. */
1484 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
1485 return;
1486 }
1487
1488 if (status != HCI_SUCCESS) {
1489 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
1490 acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER,
1491 "stack::btu_hcif Key size fail");
1492 return;
1493 }
1494
1495 if (key_size < MIN_KEY_SIZE) {
1496 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
1497 << " key_size: " << +key_size;
1498
1499 acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY,
1500 "stack::btu::btu_hcif::read_encryption_key_size_"
1501 "complete_after_key_refresh Key size too small");
1502 return;
1503 }
1504
1505 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1506 1 /* enc_enable */);
1507 }
1508
btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t * p)1509 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
1510 uint8_t status;
1511 uint16_t handle;
1512
1513 STREAM_TO_UINT8(status, p);
1514 STREAM_TO_UINT16(handle, p);
1515
1516 if (status != HCI_SUCCESS || BTM_IsBleConnection(handle) ||
1517 // Skip encryption key size check when using set_min_encryption_key_size
1518 controller_get_interface()->supports_set_min_encryption_key_size()) {
1519 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1520 (status == HCI_SUCCESS) ? 1 : 0);
1521 } else {
1522 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_key_refresh));
1523 }
1524 }
1525
1526 /**********************************************
1527 * BLE Events
1528 **********************************************/
1529
btu_ble_ll_conn_param_upd_evt(uint8_t * p,uint16_t evt_len)1530 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len) {
1531 /* LE connection update has completed successfully as a central. */
1532 /* We can enable the update request if the result is a success. */
1533 /* extract the HCI handle first */
1534 uint8_t status;
1535 uint16_t handle;
1536 uint16_t interval;
1537 uint16_t latency;
1538 uint16_t timeout;
1539
1540 if (evt_len < 9) {
1541 LOG_ERROR("Malformated event packet, too short");
1542 return;
1543 }
1544
1545 STREAM_TO_UINT8(status, p);
1546 STREAM_TO_UINT16(handle, p);
1547 STREAM_TO_UINT16(interval, p);
1548 STREAM_TO_UINT16(latency, p);
1549 STREAM_TO_UINT16(timeout, p);
1550
1551 acl_ble_update_event_received(static_cast<tHCI_STATUS>(status), handle,
1552 interval, latency, timeout);
1553 }
1554
btu_ble_proc_ltk_req(uint8_t * p,uint16_t evt_len)1555 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len) {
1556 uint16_t ediv, handle;
1557 uint8_t* pp;
1558
1559 // following the spec in Core_v5.3/Vol 4/Part E
1560 // / 7.7.65.5 LE Long Term Key Request event
1561 // A BLE Long Term Key Request event contains:
1562 // - 1-byte subevent (already consumed in btu_hcif_process_event)
1563 // - 2-byte connection handler
1564 // - 8-byte random number
1565 // - 2 byte Encrypted_Diversifier
1566 if (evt_len < 2 + 8 + 2) {
1567 LOG_ERROR("Event packet too short");
1568 return;
1569 }
1570
1571 STREAM_TO_UINT16(handle, p);
1572 pp = p + 8;
1573 STREAM_TO_UINT16(ediv, pp);
1574 btm_ble_ltk_request(handle, p, ediv);
1575 /* This is empty until an upper layer cares about returning event */
1576 }
1577
btu_ble_data_length_change_evt(uint8_t * p,uint16_t evt_len)1578 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len) {
1579 uint16_t handle;
1580 uint16_t tx_data_len;
1581 uint16_t rx_data_len;
1582
1583 if (!controller_get_interface()->supports_ble_packet_extension()) {
1584 HCI_TRACE_WARNING("%s, request not supported", __func__);
1585 return;
1586 }
1587
1588 // 2 bytes each for handle, tx_data_len, TxTimer, rx_data_len
1589 if (evt_len < 8) {
1590 LOG_ERROR("Event packet too short");
1591 return;
1592 }
1593
1594 STREAM_TO_UINT16(handle, p);
1595 STREAM_TO_UINT16(tx_data_len, p);
1596 p += 2; /* Skip the TxTimer */
1597 STREAM_TO_UINT16(rx_data_len, p);
1598
1599 l2cble_process_data_length_change_event(handle, tx_data_len, rx_data_len);
1600 }
1601
1602 /**********************************************
1603 * End of BLE Events Handler
1604 **********************************************/
btu_ble_rc_param_req_evt(uint8_t * p,uint8_t len)1605 static void btu_ble_rc_param_req_evt(uint8_t* p, uint8_t len) {
1606 uint16_t handle;
1607 uint16_t int_min, int_max, latency, timeout;
1608
1609 if (len < 10) {
1610 LOG(ERROR) << __func__ << "bogus event packet, too short";
1611 return;
1612 }
1613
1614 STREAM_TO_UINT16(handle, p);
1615 STREAM_TO_UINT16(int_min, p);
1616 STREAM_TO_UINT16(int_max, p);
1617 STREAM_TO_UINT16(latency, p);
1618 STREAM_TO_UINT16(timeout, p);
1619
1620 l2cble_process_rc_param_request_evt(handle, int_min, int_max, latency,
1621 timeout);
1622 }
1623